Security News

The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. Primary targets of the latest attack waves include the U.S., Canada, China, India, Japan, Taiwan, the Philippines, and the U.K. BazaCall, also called BazarCall, first gained popularity in 2020 for its novel approach of distributing the BazarBackdoor malware by manipulating potential victims into calling a phone number specified in decoy email messages.

Callback phishing operations have evolved their social engineering methods, keeping old fake subscriptions lure for the first phase of the attack but switching to pretending to help victims deal with an infection or hack. Callback phishing attacks are email campaigns pretending to be high-priced subscriptions designed to lead to confusion by the recipient as they never subscribed to these services.

In this Help Net Security video, Alon Levin, VP of Product Management at Seraphic Security, explains what social engineering is, and how prevalent it is. He offers insight into the three ways enterprises can mitigate the risks of social engineering.

In this Help Net Security video, Grayson Milbourne, Security Intelligence Director at OpenText Security Solutions, discusses the innovation behind social engineering campaigns and illustrates how...

In this Help Net Security video, Otavio Freire, President and CTO at SafeGuard Cyber, offers insight on new social engineering tactics discovered in the wild, and illustrates how phishing attacks...

A Minnesota computer store suing its crime insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses. Travelers, which filed a motion to dismiss, said SJ's policy clearly delineated between computer fraud and social engineering fraud.

At least three groups split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method to gain initial access to a victim's network. This allows the threat actors to deploy highly-targeted attacks that are more difficult to detect and stop because of the social engineering component.

In this Help Net Security video, Chris Lehman, CEO at SafeGuard Cyber, talks about how adversaries are moving beyond email to attack companies through a wide range of digital communications platforms, including mobile messaging, collaboration, conferencing, CRM and social media. These social engineering attacks are difficult to detect and bypass standard security controls.

Ransomware and social engineering continue to dominate challenges facing cybersecurity professionals, according to Verizon's 15th annual Data Breach Investigations Report. In general, the results of DBIR merely confirm well-established trends, such as the growing threats of ransomware - up 13% this year - and the inescapability of the "Human element", which was tied to 82% of all breaches.

By preying on human emotion, social engineering scams inflict billions of dollars of damage with minimal planning or expertise. Recent research reveals that social engineering is leveraged in 98% of attacks.